An Attorney’s Perspective on Preventing Health Care Fraud and Abuse Using 7 Steps

There are 51 separate Federal laws that directly apply to health care, practitioners, and health care organizations. The penalties and sanctions for breaking these laws are incredibly expensive, with potential jail time if the fraud or abuse is serious or egregious enough, so knowing what these laws entail is worthwhile to any provider.

While many of these Federal laws will affect only health care providers that have a Medicaid or Medicare program, the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law No. 104-191, has authority over all federal and state health care programs.

It was passed in 1996 by Congress out of concern for the billions of dollars of fraud and abuse that was happening because of coding irregularities, medical necessity issues, and waiving of copays and deductibles. There are 5 titles to HIPAA, and this piece will focus on Part II—Preventing Health Care Fraud and Abuse, Administrative Simplification, and Medical Liability Reform.

HIPAA Fraud and Abuse, Defined

HIPAA defines ‘fraud’ as “an intentional deception or misrepresentation that someone makes, knowing it is false, that could result in an unauthorized payment.”

The attempt itself is considered fraud, regardless of whether it is successful or not.

Abuse “involves actions that are inconsistent with accepted, sound medical, business, or fiscal practices. Abuse directly or indirectly results in unnecessary cost to the program through improper payments.” The difference between fraud and abuse is the individual’s intent; however, both have the same impact on the provider or organization.

Medicare Fraud and Abuse

When a Medicare provider commits fraud or abuse, the Department of Health and Human Services (DHHS) Office of the Inspector General (OIG) launches an investigation and prepares a civil and/or criminal case. The following are penalties and sanctions for Medicare fraud and abuse:


  • Civil penalties of $20,000 per false claim plus triple damages under the False Claims Act.
  • Criminal fines and/or imprisonment of up to 10 years if convicted of fraud as defined in HIPAA or, if convicted under the Anti-Kickback Statute, imprisonment of up to 10 years.
  • Administrative sanctions, including up to $20,000 civil monetary penalty per line item on a false claim and assessments of up to triple the amount falsely claimed.


In addition, persons who commit healthcare fraud or abuse can also be tried in a court of law for mail and wire fraud, usually by U.S. Prosecutors.

Examples of Fraud:


  • Accepting or soliciting bribes, kickbacks, and/or rebates
  • Altering claims to increase reimbursement
  • Billing for services not provided
  • Upcoding
  • Entering several insurance ID numbers to ensure payment
  • Falsifying certificates of medical necessity, plans of treatment, and/or patient records to justify payment


Examples of Abuse:


  • Billing non-covered services as covered services
  • Billing or claim processing errors
  • Duplicative charges on a claim
  • Excessive charges for services or equipment
  • Improper billing practices that result in payment by a government program when another payor is responsible
  • Submitting claims for unnecessary medical services or products
  • Violations of participating provider agreements with third-party payers


Hypothetical Example:

Medical review of claims submitted to Medicare by a physician group practice that contains mental health providers identified a pattern of psychiatric services billed on behalf of nursing facility patients with a medical history of dementia. Review of patient records revealed no mental healthcare physician orders or plans of treatment. The group was billing for services never rendered.

Prevent Healthcare Fraud or Abuse in Your Organization Using These 7 Steps


While most organizations and providers do not or will not ever purposefully or intentionally commit fraud, follow these 7 steps to ensure continued compliance with all applicable laws:

  1. Perform periodic audits to internally monitor billing practices
  2. Develop written proper billing practice standards and procedures
  3. Designate a compliance officer to monitor compliance efforts and enforce standards
  4. Conduct appropriate training and education about billing standards and procedures
  5. Respond appropriately to detected violations by investigating allegations and voluntarily disclosing incidents to appropriate government agencies as soon as they are known. This way you can show that you were not purposefully hiding the fraud. This will be taken into consideration if any sanctions are warranted.
  6. Develop open lines of communication to keep employees updated on proper billing practices
  7. Enforce disciplinary standards